Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

RE: IE
From: "rst" <rst () zaebiz com>
Date: Wed, 21 Jul 2004 12:41:15 +0400

The browser version could be checked using Jscript.
<script language="JScript">
alert(navigator.appCodeName+"\n"+navigator.appMinorVersion+"\n"+navigato
r.appName+"\n"+navigator.appVersion+"\n"+navigator.userAgent);
</script>
Run script above and feel happy.
Basically - you can setup the firewall to filter the user-agent like
strings (Not only in headers).



-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of nicolas
vigier
Sent: Monday, July 19, 2004 3:47 PM
To: Ill will
Cc: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] IE

On Sun, 18 Jul 2004, Ill will wrote:

"user-agent contains very little _sensitive_ info"

user agents could be used for exploits.. like redirecting the browser 
to whatever exploit page  by the definition of what browser is 
connecting to it etc.. so it would be a  good idea for some people to 
conseal what type of browser is defined in the headers

And you can feel safe with that ? Someone can put an exploit on a page
without checking your browser before.
The real solution is to use a browser with no known vulnerability (and
that's better if it didn't have a lot in the past), not to try to hide
what you are using.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]